User Tools

Site Tools


linux:tls

TLS

ВВЕДЕНИЕ

В TLS используются два типа ключей - public и private.

private ключ всегда остается у владельца и не разглашается.

KEYS

  • Certificate (Public Key): *.crt, *.pem
  • Private Key: *.key, *-key.pem

OPENSSL

Generate a private key:

$ openssl genrsa -out my-bank.key 2048

Generate a public key (lock):

$ openssl rsa -in my-bank.key -pubout > mybank.pem

Request CSR (CSR is like a certificate but without a signature):

$ openssl req -new -key my-bank.key \ 
-out my-bank.csr -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=mydomain.com"

GENERATING CERTIFICATES FOR K8S

CA

$ openssl genrsa -out ca.key 2048     # Generate private key for CA
$ openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr # Generate CSR
$ openssl x509 -req -in ca.csr -signkey ca.key -days 365 -out ca.crt    # Self sign using priv key

Admin user

$ openssl genrsa -out admin.key 2048 # Private key for Admin user
$ openssl req -new -key admin.key -subj "/CN=kube-admin" -out admin.csr # Generate CSR
$ openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key \ 
-set_serial 1000 -out admin.crt     # Sign using CA 

CHECKING CERTIFICATES

$ openssl x509 -noout -subject -in ca.crt      # Check CN in certificate
$ openssl req -text -noout -verify -in ca.csr  # Check CSR details 
$ openssl x509 -text -noout -in ca.crt         # Check certificate details
linux/tls.txt · Last modified: by v1ctor